VPN PPTP connection cannot get through Linux iptables


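I have set up a Windows VPN server behind a Linux (Ubuntu) machine that acts as a firewall and proxy server. Now I want people outside to be able to connect to the VPN server, but the connection is not established and the client gets error 619. I looked the problem up online, and it seems to be a firewall issue.

What should I do to get the connection through the firewall?

Here is my setup information:

Firewall external IF IP: 172.16.1.100

Firewall LAN IF IP: 192.168.1.1

VPN server IP: 192.168.1.10

Here are the contents of my iptables file: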

    #Generated by iptables-save v1.4.12 on Thu May 29 12:40:18 2014
    *filter
    :INPUT ACCEPT [162000:140437619]
    :FORWARD ACCEPT [23282:27196133]
    :OUTPUT ACCEPT [185778:143961739]
    :LOGGING - [0:0]
    -A INPUT -p gre -j ACCEPT
    -A INPUT -s 192.168.1.10/32 -p tcp -m tcp --sport 1723 -j ACCEPT
    -A INPUT -s 192.168.1.10/32 -p udp -m udp --sport 1723 -j ACCEPT
    -A FORWARD -s 192.168.1.0/24 -o EXT_IF -j ACCEPT
    -A FORWARD -s 192.168.1.0/24 -i EXT_IF -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -d 192.168.1.10/32 -i EXT_IF -o INT_IF -p tcp -m tcp --dport 1723 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -s 192.168.1.10/32 -i INT_IF -o EXT_IF -p tcp -m tcp --sport 1723 -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -d 192.168.1.10/32 -i EXT_IF -o INT_IF -p gre -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -s 192.168.1.10/32 -i INT_IF -o EXT_IF -p gre -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A OUTPUT -p gre -j ACCEPT
    -A OUTPUT -d 192.168.1.10/32 -p tcp -m tcp --dport 1723 -j ACCEPT
    -A OUTPUT -d 192.168.1.10/32 -p udp -m udp --dport 1723 -j ACCEPT
    COMMIT
    # Completed on Thu May 29 12:40:18 2014
    # Generated by iptables-save v1.4.12 on Thu May 29 12:40:18 2014
    *nat
    :PREROUTING ACCEPT [17865:1053739]
    :INPUT ACCEPT [5490:357281]
    :OUTPUT ACCEPT [3723:223677]
    :POSTROUTING ACCEPT [3726:223870]
    -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
    -A PREROUTING -d 172.16.1.100/32 -i EXT_IF -p tcp -m tcp --dport 1723 -j DNAT --to-destination 192.168.1.10
    -A PREROUTING -d 172.16.1.100/32 -i EXT_IF -p gre -j DNAT --to-destination 192.168.1.10
    -A PREROUTING -i -h
    -A POSTROUTING -s 192.168.1.0/24 -o EXT_IF -j MASQUERADE
    COMMIT
    # Completed on Thu May 29 12:40:18 2014
    # Generated by iptables-save v1.4.12 on Thu May 29 12:40:18 2014
    *mangle
    :PREROUTING ACCEPT [22695965:17811993005]
    :INPUT ACCEPT [13818180:11522330171]
    :PREROUTING ACCEPT [17865:1053739]
    :INPUT ACCEPT [5490:357281]
    :OUTPUT ACCEPT [3723:223677]
    :POSTROUTING ACCEPT [3726:223870]
    -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
    -A PREROUTING -d 172.16.1.100/32 -i EXT_IF -p tcp -m tcp --dport 1723 -j DNAT --to-destination 192.168.1.10
    -A PREROUTING -d 172.16.1.100/32 -i EXT_IF -p gre -j DNAT --to-destination 192.168.1.10
    -A PREROUTING -i -h
    -A POSTROUTING -s 192.168.1.0/24 -o EXT_IF -j MASQUERADE
    COMMIT
    # Completed on Thu May 29 12:40:18 2014
    # Generated by iptables-save v1.4.12 on Thu May 29 12:40:18 2014
    *mangle
    :PREROUTING ACCEPT [22695965:17811993005]
    :INPUT ACCEPT [13818180:11522330171]
    :FORWARD ACCEPT [8527694:6271564562]
    :OUTPUT ACCEPT [14748508:11899678536]
    :POSTROUTING ACCEPT [23271280:18170828012]
    COMMIT
    # Completed on Thu May 29 12:40:18 2014

I hope I can find a solution here....!! :(
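An added example, not part of the original post: a small Python lint over an iptables-save dump, run on a constructed excerpt of the ruleset above. It flags rule lines with no target, interface values that look like mistyped options, and nat-only targets outside the nat table, and reports whether both PPTP flows (TCP 1723 control and GRE data) have a DNAT rule; the function names are hypothetical.

```python
import shlex

# Constructed excerpt of the dump posted above (rule lines only, counters omitted).
SAMPLE = """\
*nat
-A PREROUTING -d 172.16.1.100/32 -i EXT_IF -p tcp -m tcp --dport 1723 -j DNAT --to-destination 192.168.1.10
-A PREROUTING -d 172.16.1.100/32 -i EXT_IF -p gre -j DNAT --to-destination 192.168.1.10
-A PREROUTING -i -h
COMMIT
*mangle
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -s 192.168.1.0/24 -o EXT_IF -j MASQUERADE
COMMIT
"""

NAT_ONLY_TARGETS = {"DNAT", "SNAT", "MASQUERADE", "REDIRECT"}  # only valid in the nat table

def lint_ruleset(text):
    """Return (line_no, table, message) for suspicious rule lines in an iptables-save dump."""
    findings, table = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("*"):
            table = line[1:]  # "*nat" opens the nat table section
        elif line.startswith("-A "):
            tokens = shlex.split(line)
            opts = dict(zip(tokens, tokens[1:]))  # option -> token that follows it
            for opt in ("-i", "-o"):
                if opts.get(opt, "").startswith("-"):
                    findings.append((no, table, f"{opt} value {opts[opt]!r} looks like a mistyped option"))
            target = opts.get("-j")
            if target is None:
                findings.append((no, table, "no -j target: the rule matches but takes no action"))
            elif target in NAT_ONLY_TARGETS and table != "nat":
                findings.append((no, table, f"target {target} is only valid in the nat table"))
    return findings

def pptp_dnat_coverage(text):
    """Report which PPTP flows (TCP 1723 control, GRE tunnel data) have a DNAT rule in *nat."""
    flows, table = {"tcp/1723": False, "gre": False}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif table == "nat" and line.startswith("-A ") and "-j DNAT" in line:
            flows["gre"] |= "-p gre" in line
            flows["tcp/1723"] |= "-p tcp" in line and "--dport 1723" in line
    return flows

if __name__ == "__main__":
    print(lint_ruleset(SAMPLE), pptp_dnat_coverage(SAMPLE))
```

Both DNAT rules are present in the excerpt, so the lint output is what narrows the review to the `-A PREROUTING -i -h` line and the nat targets listed under `*mangle`.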
